Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

IAM/Resources Policy

  • (tick) AWS Policy GeneratorThe AWS Policy Generator is a tool that enables you to create policies that control access to Amazon Web Services (AWS) products and resources.
  • salesforce/policy_sentry – IAM Least Privilege Policy Generator
  • duo-labs/cloudtracker – CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
  • goldfiglabs/rpCheckup – rpCheckup – rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.
  • iann0036/iamlive – Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
  • Netflix/repokid – Repokid removes permissions granting access to unused services from the inline policies of IAM roles in an AWS account.
  • aminohealth/wonk - tool that analyzes IAM policies and minimizes them to fit under IAM policy length limits aws.permissions.cloud – uses a variety of information gathered within the IAM Dataset and exposes that information in a clean, easy-to-read format.
  • ermetic/access-undenied-aws – parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps
  • https://aws.permissions.cloud/ – comprehensive list of IAM actions, permissions, and API methods
  • BishopFox/iam-vulnerable – Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
  • PaloAltoNetworks/IAM-Deescalate – Helps mitigate privilege escalation risk in AWS identity and access management
  • duo-labs/parliament – AWS IAM linting library to find malformed json, incorrect prefix and action names, incorrect resources or conditions for the actions provided, etc.
  • flosell/iam-policy-json-to-terraform – Tool to convert an IAM Policy in JSON format into a Terraform aws_iam_policy_document

Tools that Help Secure AWS Resources

Multiple Resource Types

  • (tick) asecure.cloud –  Creates –  Creates customized CloudFormation/Terraform templates to improve security of existing AWS resources, or deploy secured resources.
  • (tick) cloud-custodian/cloud-custodian – Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
  • toniblyx/prowler – Prowler – Prowler is a security tool to perform AWS security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.
  • aquasecurity/cloudsploit – Cloud Security Posture Management (CSPM)
  • airbnb/streamalert – StreamAlert – StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
  • RhinoSecurityLabs/pacu – The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
  • RhinoSecurityLabs/cloudgoatCloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
  • Netflix/security_monkey – Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
  • RiotGames/cloud-inquisitor – Enforce ownership and data security within AWS
  • tmobile/pacbot – Policy as Code Bot (PacBot) is a platform for continuous compliance monitoring, compliance reporting and security automation for the cloud.
  • darkbitio/aws-recon – Multi-threaded AWS inventory collection tool with a focus on security-relevant resources and metadata.
  • righteousgambitresearch/quiet-riot – Unauthenticated enumeration of services, roles, and users in an AWS account or in every AWS account in existence.
  • fivexl/terraform-aws-cloudtrail-to-slack – Terraform module that deploys resources to parse AWS CloudTrail events and send alerts to Slack for events that match pre-configured rules
  • (tick) cloudquery/cloudquery – Open-source cloud asset inventory powered by SQL. Can also perform Terraform drift checks.
  • turbot/steampipe – Use SQL to instantly query your cloud services (AWS, Azure, GCP and more). Open source CLI. No DB required.
  • simonw/s3-credentials –  A tool for creating credentials for accessing S3 buckets. Helps generate tightly-scoped IAM policies limited to a single prefix within a single bucket.
  • nccgroup/ScoutSuite – Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.
  • DataDog/stratus-red-team – Stratus Red Team is "Atomic Red Team™" for the cloud, allowing to emulate offensive attack techniques in a granular and self-contained manner.
  • awslabs/aws-cloudsaga – Simulate security events in AWS
  • awslabs/aws-automated-incident-response-and-forensics – The Automated Incident Response and Forensics aims to facilitate automated steps for incident response and forensics based on the AWS Incident Response White Paper
  • awslabs/aws-security-assessment-solution – An AWS tool to help you create a point in time assessment of your AWS account using Prowler and Scout as well as optional AWS developed ransomware checks.
  • jonrau1/ElectricEye – Continuously monitor your AWS attack surface and evaluate services for configurations that can lead to degradation of confidentiality, integrity or availability.
  • ovotech/domain-protect – Protect against subdomain takeover by looking for dangling DNS (Route 53) records
  • 9rnt/poro – Scan for publicly accessible assets on your AWS cloud environment
  • aws-cloudformation/cloudformation-guard – Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules.
  • awslabs/assisted-log-enabler-for-aws – Assisted Log Enabler for AWS - Find AWS resources that are not logging, and turn them on. Can easily enable logging for S3 access, CloudTrail, load balancers, EKS, VPC flow logs, Route 53 resolver logs.
  • BishopFox/cloudfox – Automating situational awareness for cloud penetration tests.
  • flosell/trailscraper – CLI tool to get information out of AWS CloudTrail logs

 CloudFormation

  • cfripper – Library and CLI tool for analyzing CloudFormation templates and check them for security compliance
  • stelligent/cfn_nag – The cfn-nag tool looks for patterns in CloudFormation templates that may indicate insecure infrastructure.
  • bridgecrewio/checkovPrevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

Keys and Secrets

  • awslabs/git-secrets – Prevents you from committing secrets and credentials into git repositories

  • exec-with-secrets – Handle secrets in Docker using AWS KMS, SSM parameter store, Secrets Manager, or Azure Key Vault
  • dxa4481/truffleHog – Searches through git repositories for high entropy strings and secrets, digging deep into commit history
  • zricethezav/gitleaks – Scan git repos (or files) for secrets using regex and entropy 

...

Log Querying

Monitoring

Useful Articles

...

  • AWS Security Workshops – A collection of the latest AWS Security workshops from AWS
  • Serverless Security Workshop – In this workshop, you will learn techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. From AWS
  • flAWS 2 Challenge – Teaches you AWS (Amazon Web Services) security concepts. The challenges are focused on AWS specific issues, so no buffer overflows, XSS, etc. Able to be attacker or defender for challenges.
  • CI/CDon't – An active learning exercise where you plan the bad guy where your goal is to gain access to administrative credentials for an AWS account.
  • https://github.com/avishayil/cdk-goatVulnerable by Design AWS Cloud Development Kit (CDK) Infrastructure
  • https://github.com/BishopFox/cloudfoxable – Create your own vulnerable by design AWS penetration testing playground

Other Compilations of Security Resources